Hidden Disk Areas: HPA and DCO
International Journal of Digital Evidence (Fall 2006)
forensic-proof.com
proneer
16/11/2009

Outline
1. Introduction
2. Host Protected Area
3. Device Configuration Overlays
4. Host Protected Area
5. Co-existence of HPA and DCO
6. Investigative Significance

HPA and DCO

Standard | Other Names | Transfer Modes (MB/s) | Maximum disk size | Other New Features
pre-ATA | IDE | PIO 0 | 2.1 GB | 22-bit LBA
ATA-1 | ATA, IDE | Single-word DMA | 137 GB | 28-bit LBA
ATA-2 | EIDE, Fast ATA, Fast IDE, Ultra ATA | Multi-word DMA | | PCMCIA connector
ATA-3 | EIDE | Single-word DMA | | S.M.A.R.T.
ATA-4, ATA/ATAPI-4 | Ultra ATA/33 | Ultra DMA 0, 1, 2 | | AT Attachment Packet Interface (ATAPI), Host Protected Area (HPA), CompactFlash Association (CFA)
ATA-5, ATA/ATAPI-5 | Ultra ATA/66 | Ultra DMA 3, 4 | | 80-wire cables; CompactFlash connector
ATA-6, ATA/ATAPI-6 | Ultra ATA/100 | Ultra DMA 5 | 144 PB | 48-bit LBA, Device Configuration Overlay (DCO), Automatic Acoustic Management
ATA-7, ATA/ATAPI-7 | Ultra ATA/133 | Ultra DMA 6 | | SATA 1.0, aka SATA/150
ATA/ATAPI-8 | ATA-8 | - | | Hybrid drive

Introduction: HPA and DCO
Host Protected Area (Hidden Protected Area)
- An area reserved by the HDD (Hard Disk Drive)
- An area that is not visible to the OS or the BIOS
- Introduced with ATA (Advanced Technology Attachment)-4
- Motivated by the need for an area that the user, BIOS, and OS cannot easily modify or change
- Typically stores HDD utilities, diagnostic tools, and boot sector code

Introduction: HPA and DCO
Device Configuration Overlay
- Makes it possible to give HDDs purchased from different HDD manufacturers the same number of sectors
- An 80 GB HDD can be configured so that both the BIOS and the OS see it as a 60 GB HDD

Introduction: Issue for forensic investigators
- When information is stored in the HPA or DCO, the BIOS, OS, and user generally cannot access it
- Forensic investigators need to identify these areas
- HDD imaging must also take the HPA and DCO into account
- Rootkits exist that evade detection by residing in the HPA

Introduction: Why?
- HDDs undergo quality testing before release
- A 250 GB HDD may be physically identical to a 500 GB HDD
- However, because it passed only the 120 GB quality test, it is sold as a 120 GB drive
- HDD management requires an area that is not erased even when the drive is formatted

Host Protected Area: Use
- Utilities exist for accessing the HPA in cooperation with the BIOS
  - Phoenix FirstBIOS
  - BEER (Boot Engineering Extension Record)
  - PARTIES (Protected Area Run-Time Interface Extension Services)
- Used for system recovery before the OS loads, without a CD or DVD
- IBM and LG notebooks, among others, use it to store recovery software

Host Protected Area: ATA Command
[Figure labels: ACTUAL HARD DRIVE SIZE, HARD DRIVE SIZE, HPA]
- ATA controller commands for accessing the HPA:
  - IDENTIFY DEVICE
  - SET MAX ADDRESS (EXT)
  - READ NATIVE MAX ADDRESS (EXT)

Device Configuration Overlays: Introduction
- First introduced in the ATA-6 standard
- PC manufacturers purchase different HDDs and configure them to the same capacity
- ATA controller commands for accessing the DCO:
  - DEVICE CONFIGURATION SET: sets the DCO
  - DEVICE CONFIGURATION IDENTIFY: accesses the DCO
  - DEVICE CONFIGURATION RESTORE: removes the DCO

Co-existence of HPA and DCO: Collision?
- An HPA and a DCO can exist on the same HDD
  - Set the DCO with DEVICE CONFIGURATION SET, then configure the HPA with SET MAX ADDRESS (EXT)
- Compare the results of READ NATIVE MAX ADDRESS (EXT) and DEVICE CONFIGURATION IDENTIFY to determine whether a DCO is applied
[Figure labels: HARD DRIVE SIZE, HPA, DCO, IDENTIFY_DEVICE, READ_NATIVE_MAX_ADDRESS, DEVICE_CONFIGURATION_IDENTIFY]

Identification & Manipulation: Identification Tools
- The Sleuth Kit (free, open software) by Brian Carrier (HPA, Linux-only)
- The ATA Forensic Tool (TAFT) by Arne Vidstrom
- EnCase for DOS by Guidance Software
- Access Data's Forensic Toolkit
- HD Tune Pro

Identification & Manipulation: Identification Methods on Linux

Identification & Manipulation: Manipulation tools – HDAT2
http://www.hdat2.com/

Identification & Manipulation: Manipulation tools – Feature Tool by Hitachi Global Storage Technologies
http://www.hitachigst.com/hdd/support/download.htm#FeatureTool

Identification & Manipulation: Manipulation tools – MHDD by Dmitry Postrigan
http://hddguru.com/

Identification & Manipulation: Manipulation tools – hdparm (Linux program) & setmax (by Andries E. Brouwer)
- hdparm - http://sourceforge.net/projects/hdparm/
- setmax - http://www.win.tue.nl/~aeb/linux/setmax.c

Investigative Significance: Forensic Tools

Tool | Programmer/Vendor | Version (Now)
The Sleuth Kit | Brian Carrier | 2.02 (3.01)
ATA Forensic Tool | Arne Vidstrom | 1.1 (1.2)
EnCase | Guidance Software | 4.20 (6.13)

Investigative Significance: EnCase for Windows vs The Sleuth Kit for Linux
- EnCase for Windows does not support HPA/DCO
- The same HDD was imaged with EnCase for Windows and with The Sleuth Kit for Linux
- The MD5 checksums of the two images do not match
→ The target HDD must be acquired on a Linux system so that the HPA/DCO is included

Tips: Increase the Capacity of a HDD
- Requirements: Ghost 2003 Build 2003.775 (not patched), HDD * 2 (both with an OS installed)
1. Set T as the master and X as the slave. The file system type must be the same on both drives (NTFS, FAT32, etc.).
2. Install Ghost 2003 build 2003.775 on drive T with the standard settings. Reboot if necessary.
3. Open Ghost and select Ghost Basic. Select Backup from the option list. Select C:\ (the drive on hard drive T whose partition you want to remove) and back it up. Select the second drive as the target. Enter any name and click OK – Continue or Next until the reboot prompt appears.
4. Once the reboot starts, the PC must be shut down before DOS or any drivers are loaded. The best way is to pull the power at the moment the BIOS comes up and detects the hard disks.
5. The PC has now been shut down before Ghost performed the backup. Remove hard drive T, which was installed as the master, and install drive X. Install hard drive T as the secondary drive. X is now the master and should be bootable. Go to Computer Management – Disk Management. On drive T you will see a 9 MB partition labelled VPSGHBOOT or similar, along with space that was not visible before. Do not remove VPSGHBOOT yet!
6. Select the unallocated space on drive T and create a new primary or extended partition. Choose the file system type you prefer and format it with quick format (if the option is available). When the format completes, remove the VPSGHBOOT partition from the drive.
7. Drive T will now show the following:
   a. The original partition from when the drive had the hidden partition
   b. The newly recovered partition space
   c. An 8 MB unallocated partition
8. To use drive T as the primary hard disk, go to Disk Management and set the original partition (a above) as the active partition.
http://www.hackerslab.org/

Conclusion
- The HPA and DCO, which are invisible to the OS and BIOS, can be changed by the user
- When collecting evidence from an HDD, the ATA version and whether HPA and DCO are supported must be taken into account

In My Opinion…
- When cloning or imaging an HDD, the presence of an HPA or DCO needs to be determined beforehand
- When using EnCase, promote evidence collection through EnCase for DOS
- DDI (DFRC Disk Imaging) for DOS needs to be developed

Question and Answer
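
The comparison from the "Co-existence of HPA and DCO" slide and the image mismatch from the "EnCase for Windows vs The Sleuth Kit for Linux" slide, worked as an added Python example (not part of the original slides): it reads the three capacities from `hdparm -N` and `hdparm --dco-identify` output and checks whether an acquired image covers the hidden areas. The sample output is constructed, and 512-byte sectors, sector-count semantics for both figures, and the names `Layout`, `parse_layout` and `image_coverage` are assumptions.

```python
import re
from dataclasses import dataclass

SECTOR = 512  # assumption: 512-byte logical sectors

# Constructed sample tool output (not captured from a real drive).
# "hdparm -N" prints current/native sector counts; "hdparm --dco-identify"
# prints the factory capacity that the DCO may be hiding.
HDPARM_N = "/dev/sdb:\n max sectors   = 117187500/150000000, HPA is enabled\n"
HDPARM_DCO = (
    "/dev/sdb:\n"
    "DCO Revision: 0x0001\n"
    "The following features can be selectively disabled via DCO:\n"
    "\tReal max sectors: 156250000\n"
)


@dataclass
class Layout:
    visible: int  # sectors the OS sees (IDENTIFY DEVICE)
    native: int   # sectors from READ NATIVE MAX ADDRESS (EXT)
    real: int     # sectors from DEVICE CONFIGURATION IDENTIFY

    def __post_init__(self):
        # The DCO sits at the end of the drive and the HPA in front of it,
        # so the three counts must be non-decreasing.
        if not 0 < self.visible <= self.native <= self.real:
            raise ValueError("inconsistent sector counts: %r" % (self,))

    @property
    def hpa(self):
        """(first_lba, last_lba) of the HPA, or None when no HPA is set."""
        if self.visible < self.native:
            return (self.visible, self.native - 1)
        return None

    @property
    def dco(self):
        """(first_lba, last_lba) hidden by the DCO, or None when absent."""
        if self.native < self.real:
            return (self.native, self.real - 1)
        return None


def parse_layout(hdparm_n: str, hdparm_dco: str) -> Layout:
    """Extract the three capacities from the two hdparm outputs."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", hdparm_n)
    d = re.search(r"Real max sectors:\s*(\d+)", hdparm_dco)
    if not m or not d:
        raise ValueError("unrecognised hdparm output")
    return Layout(int(m.group(1)), int(m.group(2)), int(d.group(1)))


def image_coverage(layout: Layout, image_bytes: int) -> dict:
    """Report which hidden areas an acquired image of this size includes."""
    if image_bytes % SECTOR:
        raise ValueError("image size is not a whole number of sectors")
    sectors = image_bytes // SECTOR
    return {
        "covers_hpa": layout.hpa is None or sectors >= layout.native,
        "covers_dco": layout.dco is None or sectors >= layout.real,
        "missing_bytes": max(layout.real - sectors, 0) * SECTOR,
    }


if __name__ == "__main__":
    layout = parse_layout(HDPARM_N, HDPARM_DCO)
    print("HPA LBAs:", layout.hpa)
    print("DCO LBAs:", layout.dco)
    # An image taken through the OS-visible capacity only:
    print(image_coverage(layout, layout.visible * SECTOR))
```

Two images of the same drive whose sizes differ by `missing_bytes` cannot share an MD5 value, which is the mismatch the comparison slide reports.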